smbfs/mojom/smbfs.mojom - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2019 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 module smbfs.mojom;

 import "smbfs/mojom/file_path.mojom";
 import "smbfs/mojom/ip_address.mojom";

 // This file is shared between Chrome and Chrome OS.
 // In Chrome, this file is located at:
 // //chromeos/components/smbfs/mojom/smbfs.mojom
 // In Chrome OS, this file is located at:
 // //platform2/smbfs/mojom/smbfs.mojom

 // Name used to identify the bootstrap message pipe. To be used with
 // mojo::{Incoming,Outgoing}Invitation.
 const string kBootstrapPipeName = "smbfs-bootstrap";

 // Implemented by SmbFs, used from Chrome.
 interface SmbFsBootstrap {
   // Connect to an SMB share. This method must only be called once.
   MountShare(MountOptions options, SmbFsDelegate delegate) =>
       (MountError error, SmbFs? smbfs);
 };

 // Implemented by SmbFs, used from Chrome.
 interface SmbFs {
   // Deletes any credentials stored for this share mount.
   RemoveSavedCredentials() => (bool success);

   // Recursively delete |path|, which is the absolute path (within the SMB
   // share, ie. /dir_a/file_b) of a file or directory.
   DeleteRecursively(FilePath path) => (DeleteRecursivelyError error);
 };

 // Implemented by Chrome, used from SmbFs.
 interface SmbFsDelegate {
   // Request authentication credentials. This request is made when accessing a
   // share fails with an authentication error. If null is returned, this
   // indicates the request was dismissed by the user.
   RequestCredentials() => (Credentials? credentials);
 };

 enum MountError {
   // Success.
   kOk = 0,

   // Generic code for uncategorized errors.
   kUnknown = 1,

   // Mount timeout.
   kTimeout = 2,

   // Share URL is invalid.
   kInvalidUrl = 3,

   // An invalid combination of mount options was specified, or required
   // options were missing.
   kInvalidOptions = 4,

   // Share not found.
   kNotFound = 5,

   // Share access denied (i.e. username/password error).
   kAccessDenied = 6,

   // Invalid protocol (i.e. SMB1).
   kInvalidProtocol = 7,
 };

 enum DeleteRecursivelyError {
   // Success.
   kOk = 0,

   // Generic code for uncategorized errors.
   kUnknown = 1,

   // The specified path for deletion was not found.
   kPathNotFound = 2,

   // A file or directory within the tree could not be deleted.
   kFailedToDeleteNode = 3,

   // A directory within the tree could not be listed.
   kFailedToListDirectory = 4,

   // A recursive delete is already in progress.
   kOperationInProgress = 5,
 };

 struct Password {
   // The Samba client library uses an "fstring" type to obtain the password,
   // which is limited to 256 bytes (See source3/include/includes.h in the Samba
   // sources). Subtract one to account for a null terminator.
   const int32 kMaxLength = 255;

   // File descriptor of pipe containing password.
   handle fd;
   // Length of password stored in |fd|.
   int32 length;
 };

 struct KerberosConfig {
   enum Source {
     // Obtain credentials for Active Directory from authpolicyd.
     kActiveDirectory = 0,

     // Obtain credentials from kerberosd.
     kKerberos = 1,
   };
   // Source of kerberos credentials.
   Source source;

   // Kerberos identity. Will be account GUID for Active Directory, and
   // principal name for non-AD kerberos.
   string identity;
 };

 struct CredentialStorageOptions {
   const int32 kMinSaltLength = 16;

   // Username hash of the mounting profile.
   string account_hash;

   // A vector of random bytes to use to obfuscate the password being stored.
   // Must be at least |kMinSaltLength| bytes in length and generated by a
   // strong random byte generator.
   array<uint8> salt;
 };

 struct MountOptions {
   // Full share path. Must be in the form "smb://hostname/sharename", and must
   // have the hostname as entered by the user and NOT resolved to an IP address
   // (unless the user entered an IP address as the hostname).
   string share_path;

   // Resolved IP address of the share's hostname.
   IPAddress? resolved_host;

   // Authentication parameters.
   string username;
   string workgroup;
   // Password is passed using an fd to avoid having the password in addressable
   // memory while being transferred over IPC. This also allows the password to
   // be stored using libpasswordprovider on the Chrome OS side.
   Password? password;
   KerberosConfig? kerberos_config;

   // Allow NTLM authentication.
   bool allow_ntlm = false;

   // Skip attempting to connect to the share, and instead unconditionally mount
   // the share.
   bool skip_connect = false;

   // Options for saving password to the daemon store. If present, the password
   // will be saved or restored based on whether the |password| field is present.
   [MinVersion=1] CredentialStorageOptions? credential_storage_options;
 };

 struct Credentials {
   string username;
   string workgroup;
   Password? password;
 };
	// Copyright 2019 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	module smbfs.mojom;

	import "smbfs/mojom/file_path.mojom";
	import "smbfs/mojom/ip_address.mojom";

	// This file is shared between Chrome and Chrome OS.
	// In Chrome, this file is located at:
	// //chromeos/components/smbfs/mojom/smbfs.mojom
	// In Chrome OS, this file is located at:
	// //platform2/smbfs/mojom/smbfs.mojom

	// Name used to identify the bootstrap message pipe. To be used with
	// mojo::{Incoming,Outgoing}Invitation.
	const string kBootstrapPipeName = "smbfs-bootstrap";

	// Implemented by SmbFs, used from Chrome.
	interface SmbFsBootstrap {
	// Connect to an SMB share. This method must only be called once.
	MountShare(MountOptions options, SmbFsDelegate delegate) =>
	(MountError error, SmbFs? smbfs);
	};

	// Implemented by SmbFs, used from Chrome.
	interface SmbFs {
	// Deletes any credentials stored for this share mount.
	RemoveSavedCredentials() => (bool success);

	// Recursively delete \|path\|, which is the absolute path (within the SMB
	// share, ie. /dir_a/file_b) of a file or directory.
	DeleteRecursively(FilePath path) => (DeleteRecursivelyError error);
	};

	// Implemented by Chrome, used from SmbFs.
	interface SmbFsDelegate {
	// Request authentication credentials. This request is made when accessing a
	// share fails with an authentication error. If null is returned, this
	// indicates the request was dismissed by the user.
	RequestCredentials() => (Credentials? credentials);
	};

	enum MountError {
	// Success.
	kOk = 0,

	// Generic code for uncategorized errors.
	kUnknown = 1,

	// Mount timeout.
	kTimeout = 2,

	// Share URL is invalid.
	kInvalidUrl = 3,

	// An invalid combination of mount options was specified, or required
	// options were missing.
	kInvalidOptions = 4,

	// Share not found.
	kNotFound = 5,

	// Share access denied (i.e. username/password error).
	kAccessDenied = 6,

	// Invalid protocol (i.e. SMB1).
	kInvalidProtocol = 7,
	};

	enum DeleteRecursivelyError {
	// Success.
	kOk = 0,

	// Generic code for uncategorized errors.
	kUnknown = 1,

	// The specified path for deletion was not found.
	kPathNotFound = 2,

	// A file or directory within the tree could not be deleted.
	kFailedToDeleteNode = 3,

	// A directory within the tree could not be listed.
	kFailedToListDirectory = 4,

	// A recursive delete is already in progress.
	kOperationInProgress = 5,
	};

	struct Password {
	// The Samba client library uses an "fstring" type to obtain the password,
	// which is limited to 256 bytes (See source3/include/includes.h in the Samba
	// sources). Subtract one to account for a null terminator.
	const int32 kMaxLength = 255;

	// File descriptor of pipe containing password.
	handle fd;
	// Length of password stored in \|fd\|.
	int32 length;
	};

	struct KerberosConfig {
	enum Source {
	// Obtain credentials for Active Directory from authpolicyd.
	kActiveDirectory = 0,

	// Obtain credentials from kerberosd.
	kKerberos = 1,
	};
	// Source of kerberos credentials.
	Source source;

	// Kerberos identity. Will be account GUID for Active Directory, and
	// principal name for non-AD kerberos.
	string identity;
	};

	struct CredentialStorageOptions {
	const int32 kMinSaltLength = 16;

	// Username hash of the mounting profile.
	string account_hash;

	// A vector of random bytes to use to obfuscate the password being stored.
	// Must be at least \|kMinSaltLength\| bytes in length and generated by a
	// strong random byte generator.
	array<uint8> salt;
	};

	struct MountOptions {
	// Full share path. Must be in the form "smb://hostname/sharename", and must
	// have the hostname as entered by the user and NOT resolved to an IP address
	// (unless the user entered an IP address as the hostname).
	string share_path;

	// Resolved IP address of the share's hostname.
	IPAddress? resolved_host;

	// Authentication parameters.
	string username;
	string workgroup;
	// Password is passed using an fd to avoid having the password in addressable
	// memory while being transferred over IPC. This also allows the password to
	// be stored using libpasswordprovider on the Chrome OS side.
	Password? password;
	KerberosConfig? kerberos_config;

	// Allow NTLM authentication.
	bool allow_ntlm = false;

	// Skip attempting to connect to the share, and instead unconditionally mount
	// the share.
	bool skip_connect = false;

	// Options for saving password to the daemon store. If present, the password
	// will be saved or restored based on whether the \|password\| field is present.
	[MinVersion=1] CredentialStorageOptions? credential_storage_options;
	};

	struct Credentials {
	string username;
	string workgroup;
	Password? password;
	};